From: Reaxx via ffmpeg-devel
To: ffmpeg-devel@ffmpeg.org
Cc: Michael Niedermayer, Reaxx
Date: Fri, 7 Nov 2025 18:16:35 +0100
Subject: [FFmpeg-devel] [PATCH] avcodec/rv60dec: add upper bound check for qp

This patch fixes an out-of-bounds read in the RV60 decoder where qp can reach 65, exceeding the rv60_qp_to_idx[64] array bounds. The previous fix (61cbcaf93f) only covered intra frames. This adds validation at the source for all frame types.

Attachment: 0001-avcodec-rv60dec-add-upper-bound-check-for-qp.patch
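
The difference between an intra-only check and a check made where qp is derived, as an added C example that is not FFmpeg's code and not part of the attached patch. The table contents, function names, error code and the 63 + 2 input are constructed for illustration; only the 64-entry table size and the value 65 come from the message above.

```c
#include <stdio.h>
#define QP_TABLE_SIZE 64        /* size of rv60_qp_to_idx[] per the message */
#define ERR_INVALID_DATA (-1)   /* hypothetical error code */

/* Constructed stand-in for the lookup table; values are not FFmpeg's. */
static unsigned char qp_to_idx_demo[QP_TABLE_SIZE];

static void init_demo_table(void)
{
    for (int i = 0; i < QP_TABLE_SIZE; i++)
        qp_to_idx_demo[i] = (unsigned char)(i / 16);
}

/* Intra-only check: returns 1 if this qp would still reach the table
 * lookup. An inter block with qp == 65 is not stopped. */
static int intra_only_check_reaches_lookup(int qp, int is_intra)
{
    if (is_intra && (qp < 0 || qp >= QP_TABLE_SIZE))
        return 0;
    return 1;
}

/* Check at the source: validate once where qp is computed, before any
 * frame-type-specific code can use it as an index. */
static int derive_qp(int base_qp, int qp_offset, int *qp_out)
{
    int qp = base_qp + qp_offset;
    if (qp < 0 || qp >= QP_TABLE_SIZE)
        return ERR_INVALID_DATA;
    *qp_out = qp;
    return 0;
}

/* Lookup shared by all frame types; only indexes with a validated qp. */
static int lookup_idx(int base_qp, int qp_offset)
{
    int qp;
    if (derive_qp(base_qp, qp_offset, &qp) < 0)
        return ERR_INVALID_DATA;
    return qp_to_idx_demo[qp];
}

int main(void)
{
    init_demo_table();
    /* 63 + 2 = 65 is a constructed input that lands past the table. */
    printf("63+2 -> %d, 60+2 -> %d\n", lookup_idx(63, 2), lookup_idx(60, 2));
    return 0;
}
```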